From 7a0ed6909ec23adb30fe7b2709e701f0322a46f4 Mon Sep 17 00:00:00 2001
From: Klemens Nanni
Date: Thu, 12 Dec 2024 22:27:21 +0300
Subject: [PATCH] Use pledge(2) on OpenBSD

Straight forward thanks to all privileged operations being done early enough during startup.
---
 cmd/yggdrasil/main.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
index b3cbecf03..b3c9151d2 100644
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
@@ -312,6 +312,21 @@ func main() {
 }
 }
+ // Promise final modes of operation. At this point, if at all:
+ // - raw socket is created/open
+ // - admin socket is created/open
+ // - privileges are dropped to non-root user
+ //
+ // Peers, InterfacePeers, Listen can be UNIX sockets;
+ // Go's net.Listen.Close() deletes files on shutdown.
+ promises := []string{"stdio", "cpath", "inet", "unix", "dns"}
+ if len(cfg.MulticastInterfaces) > 0 {
+ promises = append(promises, "mcast")
+ }
+ if err := protect.Pledge(strings.Join(promises, " ")); err != nil {
+ panic(fmt.Sprintf("pledge: %v: %v", promises, err))
+ }
+
 // Block until we are told to shut down.
 <-ctx.Done()
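Review bot: The promise list always includes `cpath`, and the comment's own "if at all" concedes that privileges may not have been dropped at this point, so without unveil(2) the pledged process can still create and delete files anywhere its user (possibly root) can write. The comment justifies `cpath` only by socket-file cleanup on shutdown, so it could be appended conditionally the way `mcast` is, or the socket directories could be unveiled before pledging. At minimum the comment should state the residual scope, e.g. `// cpath: only to unlink UNIX socket files on Close(); not path-restricted without unveil(2)`. The comment could also say that any later operation outside these promises kills the process, so future admin or reload features must revisit the list. main() begins and ends outside the hunk, so whether `panic` matches how other startup failures are reported cannot be checked from here.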